Here’s How Law Enforcement can Work Around USB Restricted Mode

Apple added a new feature in iOS 11.4.1 called USB Restricted Mode to block anyone from using the Lightning port to hack into your iPhone or iPad. Now a security researcher says it’s stunningly easy to work around by simply plugging a dongle into the port.


USB Restricted Mode is designed to block iPhones and iPads from connecting to computers and other devices if they haven’t been unlocked or connected to a trusted accessory for more than an hour. The idea is that if your device is stolen or confiscated, there’s no more than 60 minutes before the device locks down the Lightning port so no data can pass through.

Elcomsoft’s Oleg Afonin says,

What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.

This trick works only if it’s been less than an hour since the iPhone or iPad was last unlocked or connected to a trusted device. If USB Restricted Mode has already kicked in, the device’s Lightning port will be locked and the dongle workaround won’t work.

Since USB Restricted Mode was delivered as a software update, there’s a chance Apple can address the workaround with a code patch. Until then, the security feature is nice, but not foolproof.

2 thoughts on “Here’s How Law Enforcement can Work Around USB Restricted Mode”

  • Okay but in the real world, let’s say the San B shooter a while back, it will be way over an hour before the police even find the phone, let alone pair it with something, that is if they have something to pair it with. This is a very limited workaround/vulnerability.
